SpringBoot quickly integrates JWT tokens to verify user login

News 2023-07-19 07:10:29 views: null

1. Implement token token verification api interface

The JWT framework completes the generation and verification of the token

JSON Web Token, which can generate json-token tokens from token data (username\request time, etc.) to transmit between web services, and can complete information encryption and signature

insert image description here

2. Integration of JWT and SpringBoot

Introduce dependencies

<dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>3.19.0</version>
        </dependency>

Write JWT tool class

package com.example.springbootdemo2023.core.util;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTCreator;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

import java.util.Date;
import java.util.Map;

/**
 * 模块名称: JWT工具包
 * 模块类型: 工具类
 * 编码人:高靖博
 * 创建时间:2023/3/17
 * 联系电话:18587388612
 */
public class MyJWTUtil {
    
    

    private MyJWTUtil(){
    
    }

    // 过期时间,单位秒
    private static final long EXP_TIME = 60 * 30L;

    // 秘钥关键字
    private static final String SECRET = "www.huawei.com";

    /**
     * 生成token
     * @param userName 登录用户名
     * @return
     */
    // 生成token时,需要添加token信息
    // userName : 签名信息,保证token无法重复或者无法被篡改
    public static String getToken(String userName){
    
    

        // 创建Token构造器
        JWTCreator.Builder builder = JWT.create();

        //设置过期时间,设置什么时候过期:EXP_TIME计算一个过期的日子
        Date date = new Date(System.currentTimeMillis() + EXP_TIME * 1000);

        //创建token
        String sign = builder.withExpiresAt(date)
                .withClaim("userName", userName)
                .withClaim("claimDate", new Date().getTime())
                .sign(Algorithm.HMAC256(SECRET));

        return sign;
    }

    /**
     * 验证签名token
     * @param token
     * @return
     */
    public static boolean verify(String token){
    
    
        try{
    
    
            DecodedJWT verify = JWT.require(Algorithm.HMAC256(SECRET)).build().verify(token);
            System.out.println("------- [token认证通过] ---------");
            System.out.println("------- userName:"+verify.getClaim("userName")+" ---------");
            System.out.println("------- 过期时间:"+verify.getExpiresAt()+" ---------");
            return true;
        }catch (Exception e){
    
    
            return false;
        }
        
        
        
        
    }

}

token interceptor, verify token

package com.example.springbootdemo2023.core.interceptors;

import com.alibaba.fastjson.JSON;
import com.example.springbootdemo2023.core.util.MyJWTUtil;
import org.springframework.boot.configurationprocessor.json.JSONObject;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;

/**
 * 模块名称:token验证拦截器
 * 模块类型:
 * 编码人:高靖博
 * 创建时间:2023/3/1
 * 联系电话:18587388612
 */
public class LoginInterceptor implements HandlerInterceptor {
    
    

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
    
    

        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");

        // 所有的token都要放在请求头中  header
        String token = request.getHeader("token");

        //验证
        if(token==null||token==""){
    
    

            Map<String,String> json = new HashMap<>();
            json.put("msg","认证失败,token不存在!");
            json.put("code","-1");
            PrintWriter writer = response.getWriter();
            writer.write(JSON.toJSONString(json));
            writer.flush();
            writer.close();
            return false;
        }else{
    
    // 验证

            boolean verify = MyJWTUtil.verify(token);
            
            if(verify){
    
    
                return true;
            }else{
    
    
                Map<String,String> json = new HashMap<>();
                json.put("msg","认证失败,token失效!");
                json.put("code","-1");
                PrintWriter writer = response.getWriter();
                writer.write(JSON.toJSONString(json));
                writer.flush();
                writer.close();
                return false;
            }
        }
    }
}

Configure interceptors

package com.example.springbootdemo2023.core.config;

import com.example.springbootdemo2023.core.interceptors.LoginInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * 模块名称:拦截器配置类
 * 模块类型:
 * 编码人:高靖博
 * 创建时间:2023/3/1
 * 联系电话:18587388612
 */
// 1. 实现WebMvcConfigurer 接口
@Configuration
public class InterceptorConfig implements WebMvcConfigurer {
    
    

    //2.重写addInterceptors方法
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
    
    
        //3. 注册自定义编写的拦截器
        // 调用addInterceptor,参数传递拦截器实例
        InterceptorRegistration ic = registry.addInterceptor(new LoginInterceptor());
        //设置拦截器的拦截规则
        ic.addPathPatterns("/**");
        //放行拦截器(登录页面、登录请求、静态资源(js、css、img、video、font(字体文件))、阿里druid连接池监控中心、swaggerui)
        ic.excludePathPatterns(
                "/login/test2",
                "/sys/user/doLogin",
                "/js/**",
                "/css/**",
                "/imgs/**",
                "/druid/**",
                "/swagger-ui.html",
                "/v2/**",
                "/webjars/**",
                "/swagger-resources/**",
                "/sys/user/captcha",
                "/sys/platform/**",
                "/sys/files/**");
    }
}

Subsequent front-end needs to save token token information after login, I choose to save it in localstorage

if (res.code == '0000') {
    
    

console.dir(res.data);
//保存token---保存到localstorage
window.localStorage.setItem("token",res.data.token);

Then you need to carry the token every time you request it.
I chose to put the token in the header and send it to the backend

The following cases are implemented based on the Vue request guard:

// http request 请求拦截器
// 创建拦截器的对象必须是调用请求的axios对象
service.interceptors.request.use(config => {
    
    
    console.dir("请求拦截器!");
    // 在发送请求之前做些什么
  
  // 只要是所有的请求都需要发送的参数需要添加,就用请求拦截器实现
  //在请求发送之前拼接上token
  config.headers.token = window.localStorage.getItem("token");

	return config;
}, error => {
    
    
	// 对请求错误做些什么
	return Promise.reject(error);
});

So far, the effect of simple login verification has been realized!

Guess you like

Origin blog.csdn.net/gjb760662328/article/details/129720177
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com